Sealed Rust

Sealed Rust

Rust LDN

James Munns

2019-07-24

I’m James

@bitshiftmask

james.munns@ferrous-systems.com

Safety Critical Software

  • Avionics
  • Gas Detection
  • Robotics

Other Kinds of “Critical” Software

Security Critical

Mission/Business Critical

Safety Critical

Failing Safe

Rust is an excellent language for Critical Software

Rust in Security Critical Software

Mozilla - Firefox

Microsoft

Image: Matt Miller

We believe Rust changes the game when it comes to writing safe systems software. Rust provides the performance and control needed to write low-level systems, while empowering software developers to write robust, secure programs.

Ryan Levick, Principal Cloud Developer Advocate, Microsoft

Rustls

Rust in Mission Critical Software

NPM - Backend Services

npm’s first Rust program hasn’t caused any alerts in its year and a half in production. “My biggest compliment to Rust is that it’s boring”

Chris Dickinson, NPM

Cloudflare - Wirefilter

[W]e chose Rust as a safe high-level language that allows easy integration with other parts of our stack written in Go, C and Lua via C FFI.

Ingvar Stepanyan, Cloudflare

Safety Critical is similar…

… But Safety Critical is different

Safety Critical Standards

Systems Level Standards

… but we’re talking about software

  • DO-178C - Avionics
  • IEC61508-3 - General Functional Safety
    • ISO26262-6 - Automotive
    • IEC62304 - Medical Software

Different People Wrote Each Standard

Similar Best Practices

More lives at risk, more due diligence

Stuff like:

Requirements

Code Review

Testing

The point is to avoid errors

Errors in design

Errors in implementation

Just don’t make mistakes!

Yeah, not good enough.

This process generally works well…

… but can be very slow

Lots of manual checking

Lots of extra tooling required

These safety nets are working!

But bugs are being found late

And these systems are only getting more complex

Systems are no longer…

(safety XOR security XOR mission)

… critical

And we have incompatible safety nets

We have to move fast, AND get it right the first time

It is no longer acceptable to consider mission, security, and safety critical systems in isolation

Safety Critical can learn from other critical development areas

Before I mentioned some sources of errors:

  • Design Errors
  • Implementation Errors

Safety Critical also cares about errors caused by tools

Tools like programming languages and compilers

The real goal:

Ensure that tools don’t introduce problems

We need confidence the tool will do what it is supposed to

Nothing More

Nothing Less

How to build that confidence

Sealed Rust

Build Safety Critical Confidence in Rust

Address regulatory hurdles necessary to bring Rust to new domains

How?

1. Bring together the safety critical community

2. Develop a roadmap

3. Fund existing and new work

4. Make Rust the first compiler certified “in the open”

What do we need?

Drive Interest

Find Funding

Find Industry Leaders

Raise the bar for responsible software engineering

Help us make this a reality sooner rather than later

Coordination repository

https://github.com/ferrous-systems/sealed-rust

Newsletter

http://eepurl.com/guoC6P

Thank you!
